Question
Last activity: 17 May 2016 14:18 EDT
Unable to open delegated instances
Unable to open delegated instances from user portal and it's giving below error.
Information
Unable to open instance - Possible causes may be (1) Rule may no longer exist. (2) Availability of the rule may be set to No/Draft, Blocked or Withdrawn. (3) Circumstance of the rule may be preventing access. (4) Current date is not within the date range specified in the rule.
>> Created a decision table and keep it in higher version, which is unlocked. ( Product RSV is not finalized yet and it will move to ProductRuleset once its ready ).
>> The decision rule was delegated to the user access group , the delegated instances is being appeared under My Rules category but it's giving error if try to open it.
The user AG is accessible to the RSV where the rule is exist .
The ARO instances were created for Rule-Declare-Decisiontable , Embed-System-User-MyRules and Applies to Class of the rule. Configured the security level as 5 for Open instances and open rule .
I have traced the user session while trying to open it and i could see that WBOpen rule is being called and at step#9 it's checking the following privileges. since user don't have those privileges then it's throwing an error.
So i added the following privileges to Rule-Declare-DecisionTable ARO but still getting the same issue.
@HavePrivilege(tools, "pxViewLimitedForm", local.firstKey, TempOpenPage)
Unable to open delegated instances from user portal and it's giving below error.
Information
Unable to open instance - Possible causes may be (1) Rule may no longer exist. (2) Availability of the rule may be set to No/Draft, Blocked or Withdrawn. (3) Circumstance of the rule may be preventing access. (4) Current date is not within the date range specified in the rule.
>> Created a decision table and keep it in higher version, which is unlocked. ( Product RSV is not finalized yet and it will move to ProductRuleset once its ready ).
>> The decision rule was delegated to the user access group , the delegated instances is being appeared under My Rules category but it's giving error if try to open it.
The user AG is accessible to the RSV where the rule is exist .
The ARO instances were created for Rule-Declare-Decisiontable , Embed-System-User-MyRules and Applies to Class of the rule. Configured the security level as 5 for Open instances and open rule .
I have traced the user session while trying to open it and i could see that WBOpen rule is being called and at step#9 it's checking the following privileges. since user don't have those privileges then it's throwing an error.
So i added the following privileges to Rule-Declare-DecisionTable ARO but still getting the same issue.
@HavePrivilege(tools, "pxViewLimitedForm", local.firstKey, TempOpenPage)
@HavePrivilege(tools, "UpdateLimitedForm", "@baseclass", TempOpenPage)
@HavePrivilege(tools, "OpenDeveloperForm", "@baseclass", TempOpenPage)
Please let me know if configuration.is missed.
Pega PRPC:7.2
Updated: 23 Mar 2016 16:01 EDT
Pegasystems Inc.
US
You mention the rule appears in the My Rules category. How did you delegate the decision table? Did you use the Delegate button the rule form or are you using the older Favorites method? The OOTB portal has a Configuration section that appears when a rule is delegated using the Delegate action.
Did you use the Delegate button the rule form or are you using the older Favorites method? --------------> used Favorite method
Delegated rule is being shown under My Rules category but it's not opening.
Getting the same exception as Unable to open instance after the rule has been delegate using the Delegate button as well.
Administrator is able to open it if it's delegated to Admin AG. Looks like access issue as mentioned earlier.
Just curious .why do we need two options ("Favorites" and "Delegate" ) to delegate the rule? Any significance difference between them?
I see, if the rule is delegated using Favorites then instance will be appeared under "MyRules" Category (Operator Menu) ,and if it's delegated using Delegate option then it will be appeared under "Manage Change" on portal screen.
Pegasystems Inc.
US
The Delegate action is the new method for delegating rules. As of 7.2, this method supports Data types, decision tables, paragraphs, correspondence rules, and map values.
Pegasystems Inc.
US
I just tested on my 7.2 system but did not encounter an access issue. My manager role is a clone of the PegaRULES:WorkMgr4 role. Can you compare your manager role with that one and see if there are differences?
Thanks Carissa for response.
As i mentioned earlier ,this issue with user access role ( clone of PegaRULES:User4). . Do we need to add specific privileges to access the delegated instances?
Pegasystems Inc.
US
Sorry, I guess missed that earlier since rules are typically delegated to managers. I compared the manager and user roles and was able to get mine working with the following changes.
- Added the UpdateLimitedForm privilege to @baseclass
- Modified access to Rule- and Rule-Declare- classes to match what is defined in the manager role
- Modified access to Work- to match what is defined in the manager role, although you may want to restrict this more based on your classes.
still i couldn't make it work after added the above changes. Now the rule is opened but it doesn't have the content.
No change in behavior even though the user AG is configured with PegaRules:workMgr4 role.
Snapshot of it.
As per my analysis , In WBOpen activity ,at step#13 ,the pzGetDelegationDetails activity is getting called only for manager and user profiles but not Admin profiles. I was surprised why it's getting called during opening the favorites instances . I see a when rule(pzReqNotFromLP) is configured before invoking that activity ,it's checking the condition as pxThread.pxLimitedAccess!="LimitedUpdate" . This condition is being returned true for admin profiles but not for user/manager profiles.I'm not sure how the value are being set for " pxThread.pxLimitedAccess".
Note : if added the "OpenDeveloperForm" privilege to @baseclass then it's working fine perfectly .
Pegasystems Inc.
US
You will need to use the new Delegate action and My Configuration sections. In the screen shot it shows you are using the older My Business Rules section.
we didn't customize OOTB section to show the delegation stuff. if added "OpenDeveloperForm" privilege then it's working fine.
I used "Delegate" option to delegate the rule ,it's being shown under "Manager Change" section, and it's opened properly .
we need to hide the "Ruleform Save As Menu" for users. Please suggest.
Pegasystems
US
Trace the presentation of the ruleform and look for rules with the name "toolbar" in them. You'll find some that make decisions to determine for each icon whether to display that icon. Once you identify where the decision is made whether to display the save-as icon, see what opportunities there are for altering the decision. /Eric
Pegasystems Inc.
US
Brahmeshwara,
Hello. I think what Eric was suggesting was that you trace to figure out what the underlying logic is. Presumably there is a privilege that is checked and you could modify your operators accordingly. I don't know, off the top of my head, what the logic is so can I can't say "change X", but once you do the digging, it should be clearer. Even if you need to make sure that a specific value is set, at least you'll know with a higher degree of confidence. I know you've mentioned trying a number of things. It's possible that you've given more privileges than you intended in just trying to get to this point.
Thanks,
Mike